redirect console to file and restore user owner on domain destroy

Darragh Bailey daragh.bailey at gmail.com
Fri Nov 18 13:26:23 UTC 2022


Hi,

I'm generating some domain XML to have the serial console output sent to a
file for subsequent debug after the domain is no longer running. I'm
noticing that the file ends up being owned by root with permissions of 600.
I expected that it would need to be owned by root when the VM was running
using the qemu:///system URI for security purposes, however I had hoped
there would be a way to reset the owner and group back to the original
values on destroy.

Is this possible? I had hoped there might be something similar to what is
possible with the permissions element for storage pools.

I started experimenting with adding seclabel child elements to the serial
element, but it seems to only affect ownership while the domain is running and
when it is destroyed it still ends up being owned by root.

Creating the domain with the following serial/console elements:

    <serial type='file'>
      <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'>
        <seclabel type='dynamic' model='dac' relabel='yes'>
          <label>+1002:+1002</label>
        </seclabel>
      </source>
      <target port='0'/>
    </serial>
    <console type='file'>
      <source path='/home/testuser/vagrant-libvirt/logfiles/test.log'/>
      <target type='serial' port='0'/>
    </console>

I've tried experimenting with a couple of different values but with no
success. It appears to only change the user group the file is set to while
the domain is running, and sets it to root when the VM is destroyed,
instead of returning it to the original user.

Is there any way with libvirt to have the file owned by the user after the
VM is destroyed (doesn't matter if it's owned by root at runtime), when
connecting using qemu:///system?

--
Darragh Bailey